Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nodejs/node.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/.github
diff options
context:
space:
mode:
authorRich Trott <rtrott@gmail.com>2021-11-28 01:12:26 +0300
committerGitHub <noreply@github.com>2021-11-28 01:12:26 +0300
commit12170871102ba8aff80840a1fe45a162c95e18c2 (patch)
tree6260c9b1b7c8f054326e01f1e0cb5a181df13d30 /.github
parent37f1dd9ccdee8c54e1a3465f73e727eb87555fe5 (diff)
build: set persist-credentials: false on workflows
Out of extra caution, instruct `actions/checkout` to not save GitHub authentication credentials in the git config for use by future steps. PR-URL: https://github.com/nodejs/node/pull/40972 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/authors.yml1
-rw-r--r--.github/workflows/auto-start-ci.yml2
-rw-r--r--.github/workflows/build-tarball.yml4
-rw-r--r--.github/workflows/build-windows.yml2
-rw-r--r--.github/workflows/commit-lint.yml1
-rw-r--r--.github/workflows/commit-queue.yml1
-rw-r--r--.github/workflows/coverage-linux.yml2
-rw-r--r--.github/workflows/coverage-windows.yml2
-rw-r--r--.github/workflows/daily.yml2
-rw-r--r--.github/workflows/find-inactive-collaborators.yml1
-rw-r--r--.github/workflows/find-inactive-tsc.yml5
-rw-r--r--.github/workflows/license-builder.yml2
-rw-r--r--.github/workflows/linters.yml17
-rw-r--r--.github/workflows/misc.yml2
-rw-r--r--.github/workflows/test-asan.yml2
-rw-r--r--.github/workflows/test-internet.yml2
-rw-r--r--.github/workflows/test-linux.yml2
-rw-r--r--.github/workflows/test-macos.yml2
-rw-r--r--.github/workflows/tools.yml2
19 files changed, 53 insertions, 1 deletions
diff --git a/.github/workflows/authors.yml b/.github/workflows/authors.yml
index 7374ff66a8c..40d68d9af08 100644
--- a/.github/workflows/authors.yml
+++ b/.github/workflows/authors.yml
@@ -14,6 +14,7 @@ jobs:
- uses: actions/checkout@v2
with:
fetch-depth: '0' # This is required to actually get all the authors
+ persist-credentials: false
- run: "tools/update-authors.js" # Run the AUTHORS tool
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
env:
diff --git a/.github/workflows/auto-start-ci.yml b/.github/workflows/auto-start-ci.yml
index 21a8de92179..c7bfd56ae17 100644
--- a/.github/workflows/auto-start-ci.yml
+++ b/.github/workflows/auto-start-ci.yml
@@ -17,6 +17,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
# Install dependencies
- name: Install Node.js
diff --git a/.github/workflows/build-tarball.yml b/.github/workflows/build-tarball.yml
index 7f96504f781..bebe414216f 100644
--- a/.github/workflows/build-tarball.yml
+++ b/.github/workflows/build-tarball.yml
@@ -31,6 +31,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
@@ -57,6 +59,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml
index 992319168b7..1155b65cf2c 100644
--- a/.github/workflows/build-windows.yml
+++ b/.github/workflows/build-windows.yml
@@ -29,6 +29,8 @@ jobs:
runs-on: ${{ matrix.windows }}
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
diff --git a/.github/workflows/commit-lint.yml b/.github/workflows/commit-lint.yml
index 0f0c6d66938..524df222407 100644
--- a/.github/workflows/commit-lint.yml
+++ b/.github/workflows/commit-lint.yml
@@ -17,6 +17,7 @@ jobs:
- uses: actions/checkout@v2
with:
fetch-depth: ${{ steps.nb-of-commits.outputs.plusOne }}
+ persist-credentials: false
- run: git reset HEAD^2
- name: Install Node.js
uses: actions/setup-node@v2
diff --git a/.github/workflows/commit-queue.yml b/.github/workflows/commit-queue.yml
index 54b114b7b7e..0dc7c4d5c3f 100644
--- a/.github/workflows/commit-queue.yml
+++ b/.github/workflows/commit-queue.yml
@@ -26,6 +26,7 @@ jobs:
# Needs the whole git history for ncu to work
# See https://github.com/nodejs/node-core-utils/pull/486
fetch-depth: 0
+ persist-credentials: false
# A personal token is required because pushing with GITHUB_TOKEN will
# prevent commits from running CI after they land. It needs
# to be set here because `checkout` configures GitHub authentication
diff --git a/.github/workflows/coverage-linux.yml b/.github/workflows/coverage-linux.yml
index e322e764840..ba5a553e44b 100644
--- a/.github/workflows/coverage-linux.yml
+++ b/.github/workflows/coverage-linux.yml
@@ -28,6 +28,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
diff --git a/.github/workflows/coverage-windows.yml b/.github/workflows/coverage-windows.yml
index 4473eb9bd74..3fb1b5c8878 100644
--- a/.github/workflows/coverage-windows.yml
+++ b/.github/workflows/coverage-windows.yml
@@ -30,6 +30,8 @@ jobs:
runs-on: windows-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
diff --git a/.github/workflows/daily.yml b/.github/workflows/daily.yml
index e36a3fb5194..2f2560dd751 100644
--- a/.github/workflows/daily.yml
+++ b/.github/workflows/daily.yml
@@ -15,6 +15,8 @@ jobs:
container: gcc:11
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
diff --git a/.github/workflows/find-inactive-collaborators.yml b/.github/workflows/find-inactive-collaborators.yml
index 2fc2b9036fe..942fcd77c81 100644
--- a/.github/workflows/find-inactive-collaborators.yml
+++ b/.github/workflows/find-inactive-collaborators.yml
@@ -20,6 +20,7 @@ jobs:
- uses: actions/checkout@v2
with:
fetch-depth: ${{ env.NUM_COMMITS }}
+ persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
diff --git a/.github/workflows/find-inactive-tsc.yml b/.github/workflows/find-inactive-tsc.yml
index 76190f1deb6..aacb4d1ed56 100644
--- a/.github/workflows/find-inactive-tsc.yml
+++ b/.github/workflows/find-inactive-tsc.yml
@@ -18,13 +18,16 @@ jobs:
steps:
- name: Checkout the repo
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Clone nodejs/TSC repository
uses: actions/checkout@v2
with:
fetch-depth: 0
- repository: nodejs/TSC
path: .tmp
+ persist-credentials: false
+ repository: nodejs/TSC
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
diff --git a/.github/workflows/license-builder.yml b/.github/workflows/license-builder.yml
index 5f9af7bd775..b959eb89322 100644
--- a/.github/workflows/license-builder.yml
+++ b/.github/workflows/license-builder.yml
@@ -12,6 +12,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- run: "./tools/license-builder.sh" # Run the license builder tool
- uses: gr2m/create-or-update-pull-request-action@v1.x # Create a PR or update the Action's existing PR
env:
diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
index ebd27575c47..166846ae3f8 100644
--- a/.github/workflows/linters.yml
+++ b/.github/workflows/linters.yml
@@ -20,6 +20,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
@@ -33,6 +35,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
@@ -46,6 +50,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
@@ -68,6 +74,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
@@ -81,6 +89,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
@@ -96,6 +106,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Use Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
@@ -112,6 +124,8 @@ jobs:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- run: shellcheck -V
- name: Lint Shell scripts
run: tools/lint-sh.js .
@@ -120,6 +134,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- uses: mszostok/codeowners-validator@v0.6.0
with:
checks: "files,duppatterns"
@@ -130,5 +146,6 @@ jobs:
- uses: actions/checkout@v2
with:
fetch-depth: 2
+ persist-credentials: false
# GH Actions squashes all PR commits, HEAD^ refers to the base branch.
- run: git diff HEAD^ HEAD -G"pr-url:" -- "*.md" | ./tools/lint-pr-url.mjs ${{ github.event.pull_request.html_url }}
diff --git a/.github/workflows/misc.yml b/.github/workflows/misc.yml
index 64f58f2e96f..bcf3915059e 100644
--- a/.github/workflows/misc.yml
+++ b/.github/workflows/misc.yml
@@ -19,6 +19,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
diff --git a/.github/workflows/test-asan.yml b/.github/workflows/test-asan.yml
index 8965e38dd09..29956196d02 100644
--- a/.github/workflows/test-asan.yml
+++ b/.github/workflows/test-asan.yml
@@ -40,6 +40,8 @@ jobs:
CONFIG_FLAGS: --enable-asan
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
diff --git a/.github/workflows/test-internet.yml b/.github/workflows/test-internet.yml
index 44757dd2872..94f4ab9086b 100644
--- a/.github/workflows/test-internet.yml
+++ b/.github/workflows/test-internet.yml
@@ -28,6 +28,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
diff --git a/.github/workflows/test-linux.yml b/.github/workflows/test-linux.yml
index 374bf747790..ba2244aa116 100644
--- a/.github/workflows/test-linux.yml
+++ b/.github/workflows/test-linux.yml
@@ -29,6 +29,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
diff --git a/.github/workflows/test-macos.yml b/.github/workflows/test-macos.yml
index 2926c3ed2eb..7da25a82587 100644
--- a/.github/workflows/test-macos.yml
+++ b/.github/workflows/test-macos.yml
@@ -35,6 +35,8 @@ jobs:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml
index 1d249832caf..c5d1d7eb114 100644
--- a/.github/workflows/tools.yml
+++ b/.github/workflows/tools.yml
@@ -50,6 +50,8 @@ jobs:
fi
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- run: ${{ matrix.run }}
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
env:
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 06:18:26 +0300